Note: FireWire Target Disk Mode a potential security hazard

Several readers have pointed out recently that FireWire target disk mode is a potential security liability, especially for unattended systems or portables that can be quickly moved from one location to another.

MacFixIt reader Paul Smith offers a case example:

"A friend of mine has a Titanium PowerBook G4 without an Internet connection at the moment, and I told him I would install the new Mac OS X 10.2.4 update from my system using FireWire target disk mode.

"After we completed the file exchange I was looking around on his hard drive partitions for a file he said I could have, I got distracted and started looking around his Mac OS X system folder. I realized that I could move/delete any file on any of his partitions, including system files. I was logged into my machine as an Admin and of course there were certain files I could not touch because they are owned by root or system.

"When getting info on his files all of the permissions belonged to me and I could do anything I liked with them. Now I may be missing something here but if I took a notebook and hooked it to a server or a networked machine and simply re-booted it and held the T key down doesn't that spell a huge gaping security hole? It certainly instantly got around all of my friends security procedures and he wasn't too pleased."

You can disable FireWire target disk mode using the Apple Open Firmware Password 1.0.2 software.

If you have any innovative ideas for temporarily disallowing FireWire target disk mode, or locking the FireWire port, drop us a line at late-breakers@macfixit.com.

Resources